Web app firewalls (like modsec) are exactly that; firewalls. Just instead of blocking IP addresses or ports, they block request based on a rule set. The rule set generally has rules to catch certain exploit attempts so they don't hit the web site for processing.

From what I can gather after running Easy Apache, mod security is actually installed.
However, when i look at ModSecurity Configuration, it's about as useful as a chocolate fireguard.
It makes no sense.

Staff Member

The new cPanel setup for ModSec is your best bet, as far as easy goes. If you're not sure what you're doing, it doesn't get any easier than this.

There are some issues with the rules, but I would think cPanel and OWASP are working on making them better.

...simplified instructions on how to install them.

Click to expand...

Do you have the OWASP rules installed?
Home » Security Center » Manage Vendors

If not, make sure cPanel is up to date (and CSF as well, as of this post) and then click Install > Install and Restart Apache, there.
Make sure, Enabled, and Updates On are both, On.
---
Here:
Home » Security Center » Configure Global Directives

CSF/LFD sends out useful emails about blocking with ModSec. You should monitor these hits, and those emails to keep an eye on legit users or scripts being blocked. If you see one, you'll need the ID from the rule to take proper action, for example: 960009

From the "Hits List" page, click the "Rules List" button top right corner.
Using that example rule above, search for it there on the Rules List.

When you find it, click the Disable option.

Reporting tools are to be added here as I understand it, and with that, the rules will be made better over time by us reporting the issues/rules and as they are updated nightly when possible.

There is no other easier way to go. There are better rules though, for now.

I came across it searching for this from your post: [tag "WASCTC/WASC-21"]

The blog posts he links to are dated, but must still be of value, they're still being linked to on the email list:
/http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2015-January/001700.html

this is what i have regarding mod security in Secirity Center "
"
However, when i go into either of them, there's little in there in the way of help.
Configuration has a number of radio buttons, process this, process that, and areas to specify paths to files i guess.
The tools section appears to be where you can add custom rules, but again, not much in the way of help.

When i originally ran EasyApache, i installed MOD_RUID2, does this have anything to do with ModSecurity ?

So I took a risk and did the update to 11.46.2.4, but it still doesn't help in my understanding for ModSecurity.
Regards post #5, i found these parameters in ModSecurity Configuration.
And a link to "Hit Lists" in ModSecurity Tools.
But i'm none the wiser on how to install a rule set.